Instantly share code, notes, and snippets.

Embed
What would you like to do?
FIM/MIM PowerShell Exchange Online Management Agent. Supporting blog post can be found here https://blog.darrenjrobinson.com/provisioning-hybrid-exchangeexchange-online-mailboxes-with-microsoft-identity-manager/
param
(
$username,
$password,
$ExportType
)
begin
{
# // Logging
$DebugFilePath = "C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\ExchangeOnline\Debug\EXOExport.txt"
if(!(Test-Path $DebugFilePath))
{$DebugFile = New-Item -Path $DebugFilePath -ItemType File}
else
{$DebugFile = Get-Item -Path $DebugFilePath}
"Starting Export : " + (Get-Date) | Out-File $DebugFile -Append
"ExportType : $ExportType " | Out-File $DebugFile -Append
# Password from the MA
$securestring = ConvertTo-SecureString -AsPlainText $Password -Force
# // Exchange 2013
# Setup Remote Local Exchange Online Powershell Session
$username = 'ExchangeAdministrator'
$server = "http://exchanageserver.customer.com.au/powershell/"
$credential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $securestring
# // Exchange Online
# Setup Exchange Online Powershell Sessions
$EXOURI = 'https://outlook.office365.com/powershell-liveid/'
$EXOUserName = 'ExchangeOnlineAdmin@customer.com.au'
$EXOcredential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $EXOUserName, $securestring
Import-Module lithnetMIISAutomation
$EXOMA = "Exchange Online"
"Looking to see if we have an EXO RPS Session" | Out-File $DebugFile -Append
if ($Global:ExportSession){
" RPS EXO Session already exists " + (get-date) | Out-File $DebugFile -Append
if ($(!$ExportSession.State -eq "Opened")){
" RPS Session was broken so opening a new one " + (get-date) | Out-File $DebugFile -Append
$Global:ExportSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $EXOURI -Authentication Basic -AllowRedirection -Credential $EXOcredential
Import-PSSession $ExportSession
}
} else {
" RPS Session didn't exist. Opening an RPS Session " + (get-date) | Out-File $DebugFile -Append
$Global:ExportSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $EXOURI -Authentication Basic -AllowRedirection -Credential $EXOcredential
Import-PSSession $ExportSession
}
"Looking to see if we have an Local Exchange RPS Session" | Out-File $DebugFile -Append
if ($Global:LocalExportSession){
" RPS Local Session already exists " + (get-date) | Out-File $DebugFile -Append
if ($(!$LocalExportSession.State -eq "Opened")){
" RPS Local Exchange Session was broken so opening a new one " + (get-date) | Out-File $DebugFile -Append
$Global:LocalExportSession = New-PSSession -ConfigurationName Microsoft.ExchangeLocal -ConnectionUri $server -Authentication Kerberos -Credential $credential
Import-PSSession $Session
} else {
" RPS Local Session didn't exist. Opening an RPS Local Session " + (get-date) | Out-File $DebugFile -Append
$Global:LocalExportSession = New-PSSession -ConfigurationName Microsoft.ExchangeLocal -ConnectionUri $server -Authentication Kerberos -Credential $credential
Import-PSSession $LocalExportSession
}
}
}
process
{
$error.clear()
$errorstatus = "success"
$errordetails = $null
$Identifier = $_.'[Identifier]'
$objectGuid = $_.'[DN]'
"==========" | Out-File $DebugFile -Append
"Changed Attributes" | Out-File $DebugFile -Append
$_.'[ChangedAttributeNames]' | Out-File $DebugFile -Append
#Loop through changes and update parameters
foreach ($can in $_.'[ChangedAttributeNames]')
{
if ( $can -eq 'LitHold'){$LitHold = $_.'LitHold'}
if ( $can -eq 'Alias'){$Alias = $_.'Alias'}
if ( $can -eq 'LitigationHoldDays'){$LitHoldDays = $_.'LitigationHoldDays'}
}
#Supported ChangeType is Replace
if ($_.'[ObjectModificationType]' -eq 'Add'){
# Not doing add's just updates
}
#Supported ChangeType is Replace
if ($_.'[ObjectModificationType]' -eq 'Replace')
{
"Object Modification Type - Replace" | Out-File $DebugFile -Append
$_ | Out-File $DebugFile -Append
$errorstatus = "success"
$userAccount = $_.AADUserPrincipalName
$csUserObj = Get-CSObject -DN $objectGuid -MA $EXOMA
$userMVGuid = $csUserObj.MvGuid.Guid
$mvUserObj = Get-MVObject -ID $csUserObj.MvGuid.Guid
$displayName = $mvUserObj.Attributes.displayName.Values.valuestring
$alias = $mvUserObj.Attributes.mailNickname.Values.valuestring
$identity = $mvUserObj.Attributes.accountName.Values.valuestring
$nickname = $mvUserObj.Attributes.mailNickname.Values.valuestring
$mboxEnabled = $mvUserObj.Attributes.ExchangeMailboxEnabled.Values.valueBoolean
## If Alias in changed Attrs and user not mailbox enabled then Enable
if ($Alias -and !$mboxEnabled){
# Enable user locally for O365 Mailbox
"Enable Remote Mailbox" | Out-File $DebugFile -Append
$localremoteMbx = Enable-RemoteMailbox -Identity $userAccount -RemoteRoutingAddress "$($nickname)@customer.mail.onmicrosoft.com"
# Enable Archive
"Enable Remote Mailbox In-Place Archive" | Out-File $DebugFile -Append
$localremoteArchive = Set-RemoteMailbox -Identity $userAccount -ArchiveName "In-Place Archive - $($displayName)"
}
## Set Litigation Hold Duration
if ($LitHoldDays){
# Set Lithold Duration
"Set Litigation Hold End Duration" | Out-File $DebugFile -Append
$LitHold = Set-Mailbox -Identity $userAccount -LitigationHoldDuration $LitHoldDays
}
# // Enable Litigation Hold
if ($LitHold){
"Enable Litigation Hold" | Out-File $DebugFile -Append
$LitHold = Set-Mailbox -Identity $userAccount -LitigationHoldEnabled $True
}
}
#Return the result to the MA
$obj = @{}
$obj.Add("[Identifier]",$Identifier)
$obj.Add("[ErrorName]","success")
if($errordetails){$obj.Add("[ErrorDetail]",$errordetails) }
$obj
}
end
{
#All done
"Completed Export : " + (Get-Date) | Out-File $DebugFile -Append
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment